1. Field of the Invention
This invention relates in general to the field of computer networks, and in particular to a method for highly efficient mapping of encrypted HTTPS network packets to a specific URL name and other encrypted data without performing the decryption outside of a secure web server.
2. Description of Related Art
The Internet is a vast network of heterogeneous computers and subnetworks all communicating together to allow for global exchange of information. The World Wide Web (WWW) is one of the more popular information services on the Internet which uses web browser software to decipher hypertext links to documents and files located on remote computers or content servers to access multimedia information in the form of text, audio, video, graphic, animation, still pictures, etc. It has become increasingly necessary for users to remotely access public and private networks and a problem arises as to how to allow a secure access to the resources available on secure servers and networks over a generally insecure public network such as the Internet.
Many hardware and software utilities and applications, such as network performance monitors, have as their core technology a method of measurement that depends on network data as their input. As more and more e-commerce unfolds over the Internet, the use of secure network transports increases. Encryption by web browsers is the single most used source of sending secure data over the Internet via the secure Hypertext Transfer Protocol (HTTPS). For the HTTPS protocol, a web browser uses a public/private key technology that encrypts the network data so strongly that only a corresponding secure web server can decrypt it. It is virtually impossible for a hardware or software monitor, which has access to these encrypted network flows, to understand anything about their format let alone anything about their content. Because of this limitation of monitoring tools in an HTTPS environment, the value of data for hardware and software monitors of this network can only be realized for environments using HTTP, which is the nonsecure version of HTTPS.
Moreover, if decryption is done outside the secure web server, it requires a special decryption software regulated by government which makes it less attractive to marketing and distribution. It is also less attractive to customers because it requires access to web server security certificates which customers would not allow. It is therefore important to use another technique that is more tolerable to government regulations, the marketplace and to the customers.
Therefore, there is a need for a simple, optimized and generic method that is using secure network servers to decrypt a portion of the network data to enable hardware and software network monitors to get the information they need to operate so that they can return the same data as if operating in the HTTP nonsecure environment, without using a special decryption software outside of a secure network server.